bug-coreutils

Pinky command


From: Hemant . Rumde
Subject: Pinky command
Date: Wed, 11 Nov 2009 11:18:57 -0500

Hi GNU Bug fixers, 

I am old school and have been using finger (without fingerd, for security
reasons) on Unix.
Today I came across pinky on RedHat Linux. The man page of this command
specified your email address.

In the old days, attackers used to create a .project symbolic link to the
passwd and group files to get the list of login ids and groups via fingerd.
I guess Sun fixed this long ago in Solaris. However, in pinky, I can use a
symbolic link to /etc/passwd and /etc/group.

$ cd  <--- Go to home dir
$ ln -s /etc/passwd .project
$ pinky -l mylogin

Pinky follows the symlink at .project. I guess pinky should avoid .project
if it is a symlink.

Hemant 
ING U.S. Financial Services 
Shared Application Engineering - Enabling Technologies 
Phone: 617-376-4298  
address@hidden 
www.ing-usa.com 
ING. Your future. Made easier.SM 



============================================================================================
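
Added example, not part of the original message and not pinky's own code: one way a reader of per-user files such as ~/.project can refuse a symlink, as the report suggests. The helper name open_user_file_nofollow and the temp-dir self-check are assumptions made for illustration; ELOOP is the errno Linux returns for this case.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not pinky's code. Returns a read-only fd only when
   PATH is a regular file whose last component is not a symlink; else -1. */
int open_user_file_nofollow(const char *path)
{
    /* O_NOFOLLOW: open() fails (ELOOP on Linux) if the last component is a
       symlink. O_NONBLOCK: do not hang if a FIFO was planted instead. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    /* fstat() the descriptor rather than lstat() the path: no check/use race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private temp dir: returns 1 when the regular
   file is opened and a .project symlink pointing at it is refused. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", reg[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(reg, sizeof reg, "%s/real", dir);
    snprintf(lnk, sizeof lnk, "%s/.project", dir);
    int wfd = open(reg, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (wfd < 0 || symlink(reg, lnk) != 0)
        return -1;
    close(wfd);
    int ok_fd = open_user_file_nofollow(reg);
    int bad_fd = open_user_file_nofollow(lnk);
    int refused = (bad_fd < 0 && errno == ELOOP);
    if (ok_fd >= 0) close(ok_fd);
    if (bad_fd >= 0) close(bad_fd);
    unlink(lnk); unlink(reg); rmdir(dir);
    return ok_fd >= 0 && refused;
}
```

O_NOFOLLOW covers only the final path component, so this check applies to .project itself and not to symlinks higher up in the path.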

